I would argue it makes it harder to cheat. The paper based testing typically has a large number of test takers to very small number of proctors.

Every time I've taken a certification test at a testing center, I've had a camera on me the ENTIRE time I took the test. I promise its easier for me to slip some crib notes past a proctor in a room full of test takers. It would be harder for me to do the same with the camera watching.

The camera also adds some audit-ability. You can go back to the video at any time whereas once I've taken the paper-based test, you can't go back.

Additionally, those proctors are volunteer CISSP holders that proctor in order to get CLE's. The likelihood of collusion between an employee at the test taking center vs the proctors would likely not be all that dissimilar.

ziggy_567 wrote:I would argue it makes it harder to cheat. The paper based testing typically has a large number of test takers to very small number of proctors.

Every time I've taken a certification test at a testing center, I've had a camera on me the ENTIRE time I took the test. I promise its easier for me to slip some crib notes past a proctor in a room full of test takers. It would be harder for me to do the same with the camera watching.

The camera also adds some audit-ability. You can go back to the video at any time whereas once I've taken the paper-based test, you can't go back.

Additionally, those proctors are volunteer CISSP holders that proctor in order to get CLE's. The likelihood of collusion between an employee at the test taking center vs the proctors would likely not be all that dissimilar.

I think the argument is that it would be easier to make a copy of an electronic exam and have it on the internet for people to memorize. Right now, they keep those paper tests attached to their kevlar and protected with a .45. I think it may be the beginning of the end and the CISSP will be looked at as if it is a microsoft certification. Maybe they will make it tougher somehow to prevent this. Who knows.

They have a ridiculously large question pool. It's easily in the thousands; it may be over 10k. If you've even spoken with anyone who has failed an MS or Cisco exam, they'll probably tell you their retake contained many of the same questions. With small pools, it's feasible to cheat your way through an exam by memorizing a collection of a few copied exams.

That's not going to be the case here. Dumps for this would be worthless since they would either contain a ridiculously small percentage of the questions that could actually appear on your exam, or they would be so large that it would take significantly less time and effort to just study for it outright.

I don't know why people even bother with that garbage; these exams really aren't that difficult. If you hate studying and/or have problems with learning new things, you're in the wrong field.

ajohnson wrote:I don't know why people even bother with that garbage; these exams really aren't that difficult. If you hate studying and/or have problems with learning new things, you're in the wrong field.

Thumbs up to this comment.

In the end of the day someone whom wants to cheat will always find a way to cheat, just like a hacker whom has decided to target your organisation for your assets they will always find a way and the best you can do is deter them and make it as difficult as possible. The same principle applies here and ISC2 can only but do their best.

Afterall ISC2 are a business and as far as I am aware they are not a non profit organisation so therefore they are going to start using more easier methods to create business and profitability.

So if you don't want to legitimate gain the knowledge to pass the exam then why bother? I understand there are situations where your company may want you to become qualified and you feel that you have more knowledge through experience etc than the exam will bring that is understandable (and is the case for a HUGE percentage of security folk ). However, if you do have the knowledge then the exam should be easy for you